SV.PCC.MISSING_TEMP_FILENAME
Missing temporary filename
If temporary files are created or used insecurely, application and system data can be left open to attack. Dangerous data can be injected into the application, or data stored in the temporary file can be accessed, modified, or corrupted. To avoid temporary filename issues, both GetTempPath and GetTempFileName should precede the CreateFile function call. The SV.PCC.MISSING_TEMP_FILENAME checker flags situations in which only GetTempPath is used, and it's incorrectly used as the temporary filename.
Vulnerability and risk
Temporary file vulnerability is a very common security issue. The Mitre Corp. security alert database lists over 200 reports of this type. The temporary file vulnerability can be exploited to escalate privilege or manipulate critical information.
Mitigation and prevention
To avoid this vulnerability:
- Use GetTempPath and GetTempFileName to ensure random name creation
- Review the least privilege settings for temporary files
Fixed code example
// Gets the temp path env string (no guarantee it's a valid path).
dwRetVal = GetTempPath(MAX_PATH, // length of the buffer
lpTempPathBuffer); // buffer for path
if (dwRetVal > MAX_PATH || (dwRetVal == 0))
{
PrintError(TEXT("GetTempPath failed"));
if (!CloseHandle(hFile))
{
PrintError(TEXT("CloseHandle(hFile) failed"));
return (7);
}
return (2);
}
// Generates a temporary file name.
uRetVal = GetTempFileName(lpTempPathBuffer, // directory for tmp files
TEXT("DEMO"), // temp file name prefix
0, // create unique name
szTempFileName); // buffer for name
if (uRetVal == 0)
{
PrintError(TEXT("GetTempFileName failed"));
if (!CloseHandle(hFile))
{
PrintError(TEXT("CloseHandle(hFile) failed"));
return (7);
}
return (3);
}
// Creates the new file to write to for the upper-case version.
hTempFile = CreateFile((LPTSTR) szTempFileName, // file name
GENERIC_WRITE, // open for write
0, // do not share
NULL, // default security
CREATE_ALWAYS, // overwrite existing
FILE_ATTRIBUTE_TEMPORARY, // temporary storage
NULL); // no template
if (hTempFile == INVALID_HANDLE_VALUE)
{
PrintError(TEXT("Second CreateFile failed"));
if (!CloseHandle(hFile))
{
PrintError(TEXT("CloseHandle(hFile) failed"));
return (7);
}
return (4);
}
This is an example of code that follows good practices in creating temporary files. With secure temporary filenames, you don't run the risk of leaving the application or system data open to attack.
Related checkers
External guidance
Security training
Application security training materials provided by Secure Code Warrior.